vulnerability

Red Hat: CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:N/I:P/A:P)	Feb 26, 2022	Nov 9, 2022	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:P)

Published

Feb 26, 2022

Added

Nov 9, 2022

Modified

Mar 27, 2026

Description

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

CWE-327
EUVD-EUVD-2020-23994
NVD-CVE-2020-36516
REDHAT-RHSA-2022:7444
REDHAT-RHSA-2022:7683
REDHAT-RHSA-2022:7933
REDHAT-RHSA-2022:8267
REDHAT-RHSA-2024:2674
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-23994

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today